SSLlabs complains that RC4 is enabled as it is insecure, thereby capping the grade to B.
Signed-off-by: Rosen Penev <ros...@gmail.com> --- ustream-openssl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ustream-openssl.c b/ustream-openssl.c index 2faa855..eb03dab 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -52,6 +52,8 @@ __ustream_ssl_context_new(bool server) #ifndef OPENSSL_NO_ECDH SSL_CTX_set_ecdh_auto(c, 1); #endif + if (server) + SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH"); SSL_CTX_set_quiet_shutdown(c, 1); return (void *) c; -- 2.16.3 _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev